Definition of subtypes to the category "dangerous"
Posted by Karsten Kaus on 23 June 2016 03:00 PM
Applies to: eXpurgate, dangerous, categories, file type, file extension, attachment, virus
Modified on: 07/05/2016
Emails classified as 'dangerous' are only potentially dangerous: they may link to the hard drive, or contain an executable file, iframes or code snippets. Any of these elements could damage a computer system.
The category 'dangerous' consists of several subcategories:
The email includes an attachment with an extension that is potentially dangerous in a Windows environment (e.g. it opens and is executed on double-click).
Currently, these file types are considered potentially dangerous and are therefore classified as dangerous.attachment:
ade, adp, app, asp, bas, bat, bhx, cab, ceo, chm, cmd, com, cpl,
crt, csr, der, exe, fxp, hlp, hta, inf, ins, isp, its, js, jse,
lnk, mad, maf, mag, mam, mar, mas, mat, mde, mim, msc, msi,
msp, mst, ole, pcd, pif, reg, scr, sct, shb, shs, vb, vbe,
vbmacros, vbs, vsw, wmd, wmz, ws, wsc, wsf, wsh, xxe, docm, xlsm
This is also true if one of the above-mentioned attachments is contained in one of the following (password-protected) archives:
arj, cab, jar, lha, rar, tar, zip
The email contains the HTML element iframe.
Like 'dangerous.attachment' but currently seen in great numbers on Cyren's servers.
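The dangerous.attachment rule described above can be reproduced for testing a mail flow, as in the following added example (not eXpurgate's implementation; the function names and the sample message are assumptions made for illustration). It checks attachment names against the article's extension list and also lists member names of zip, jar and tar archives, the formats the Python standard library can read.

```python
import io
import tarfile
import zipfile
from email.message import EmailMessage

# Extension lists copied from the article; everything else is illustrative.
DANGEROUS_EXT = set("""ade adp app asp bas bat bhx cab ceo chm cmd com cpl crt csr der exe fxp hlp hta inf ins
isp its js jse lnk mad maf mag mam mar mas mat mde mim msc msi msp mst ole pcd pif reg scr sct shb shs vb vbe
vbmacros vbs vsw wmd wmz ws wsc wsf wsh xxe docm xlsm""".split())
ARCHIVE_EXT = {"arj", "cab", "jar", "lha", "rar", "tar", "zip"}

def ext(name):
    """Lower-cased final extension, so 'invoice.pdf.EXE' yields 'exe'."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def archive_members(name, data):
    """Member names for the archive formats the standard library can list."""
    try:
        if ext(name) in ("zip", "jar"):
            # ZIP normally leaves member names unencrypted, so listing works without the password.
            return zipfile.ZipFile(io.BytesIO(data)).namelist()
        if ext(name) == "tar":
            return tarfile.open(fileobj=io.BytesIO(data)).getnames()
    except (zipfile.BadZipFile, tarfile.TarError):
        pass
    return []  # arj, cab, lha and rar need third-party parsers

def dangerous_attachments(msg):
    """Return (attachment_name, offending_name) pairs for a parsed EmailMessage."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ext(name) in DANGEROUS_EXT:
            hits.append((name, name))
        if ext(name) in ARCHIVE_EXT:
            data = part.get_payload(decode=True) or b""
            hits += [(name, m) for m in archive_members(name, data) if ext(m) in DANGEROUS_EXT]
    return hits

def build_sample():
    """Constructed test message: a harmless text file and a zip holding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("invoice.pdf.exe", b"MZ")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg
```

Calling `dangerous_attachments(build_sample())` reports the executable inside `docs.zip` and ignores both text files.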